Windows reports what hardware you have and what software doesn't work.

The National Security Agency's X-KEYSCORE program gives the spy agency access to a wide range of Internet traffic. Any information that isn't encrypted is, naturally, visible to passive Internet wiretaps of the kind the NSA and other intelligence agencies use. This in turn will typically expose such things as e-mails, online chats, and general browsing behavior.

And, according to slides published this weekend by Der Spiegel, this information also includes crash reports from Microsoft's Windows Error Reporting facility, which is built into Windows.

These reports will tell eavesdroppers what versions of what software someone is running, what operating system they use, and when that software has crashed. Windows also sends messages in the clear whenever a USB or PCI device is plugged in as part of its hunt for suitable drivers.

It appears that this information leakage greatly amused the NSA, with Spiegel reporting that the spy organization created a comedy mock-up of the Windows error message. The fake message points at why the NSA would find the information useful, too; knowing what software someone is using makes it easier to find an appropriate security flaw with which to compromise a system. And this is all possible with mere passive monitoring.

NSA's photochop is actually rather amateurish.

NSA, via Der Spiegel

That Windows sends this kind of information in the clear is not actually secret; Microsoft documents it on TechNet. The documentation also notes that if any potentially personal information is sent (memory dumps, for example, could contain some amount of private data) then an encrypted connection is used.

The lack of encryption for the basic reports does, however, stand out as something that should probably change. Spy agencies and criminals alike can use this kind of information to help attack people's systems, and there's really no good reason for it to be unencrypted—especially when Microsoft's other error reporting infrastructure already supports encryption.